One technology memory that I have, from over seven years ago, is the first time I held a smart card in my hand. My employer at the time moved into a brand new office building that was a paradigm of state-of-the-art security. Entrance and after-hours elevator and even floor entry in the building was determined by a smart card with an attached reader. Since then, I have seen other manifestations, but that first card will always hold a special place in my memory of technology firsts.
What are they? Having jumped right into my memory, I have neglected to define "smart card." Let me explain. Based on over 250 patents, processes have been developed to insert a silicon chip or microprocessor into a plastic card body. The inserted component is held in place and protected by epoxy resin. Finally, there are generally external contacts or antenna built into the card and attached to the inserted silicon.
While there are many types of smart cards, many with very specific functions, there are two broad categories. Memory cards, which tend to be less expensive, may be read-only, read-write, or be specialized enough to contain something like the code for a Java applet. Microprocessor cards may have more discrete functions.
Smart cards are able to interact with other hardware in two ways. Contact cards (the card must come into physical contact with the card, like my first experience) require physical contact with a reader using that contact point. Contact-less cards typically use radio frequency (RF) technology that transmits a small transmission through the built-in antenna, requiring that the location of the reader is close and usually in line of sight.
Some smart cards are evolutions of the "credit card like" technology and also carry magnetic stripes, bar codes, etcetera, as readers for their intended use are not widely available. The VISA (Visa.com) smart card is a good example of this hybrid implementation.
Smart cards, properly implemented, are secure. Encrypted cards each have their own set of keys. Breaking one card is still not effective against all in a set since the mother key is not saved on the card.
Still, smart cards are technology enablers, not entire solutions. Therefore, any solution will involve discussions of other technologies. Also, since they are plastic, the shelf-life of the actual card is only two-three years and any use must factor in this reality.
Finally, the worldwide adoption of these cards is growing. According to one estimate, the unit sales are expected to have grown an average of over 48 percent between 1997 and 2002.
Applications. To gather additional perspective, recently, I talked with Fabrice Jogand-Coulomb, technical marketing manager at Gemplus (www.Gemplus.com), a manufacturer of smart card solutions. We discussed some of the solutions that his company has been involved in as well as the evolution of this category of technology.
Uses of smart cards vary a great deal and really reflect the flexibility the engineer has once a desired solution has been identified. Some of the most common current or cutting-edge applications of smart cards include:
Authentication. The goal of this use is to improve the quality and reduce the risk of identifying a person or device to be who they say they are. For wireless phones this will improve the security of access, especially as mail and Web-browsing on phones increases.
One specific example is that of a two-card system for patient health information, wherein there are different levels of access to a patient's records. The most extensive and private version of those records is only available after both doctor and patient smart cards are inserted for authentication.
Another authentication application is PKI (public key infrastructure). Basing the keys on smart cards associated algorithms instead of transmitted public keys can increase the level of security.
Other applications include network security (think multiple passwords), building security, and laptop security.
Portable secure repository. More than identifying a person or device, smart cards can carry information about them. For example, while early attempts to use this technology for personal health cards in the U.S. has been largely unsuccessful, CNN.com reported in February 2001 that Hong Kong was considering replacing laminated identification cards with smart cards. When combined with biometric techniques like a fingerprint reader or retinal scan, these cards can be very secure.
Payment operations. Think smart card as an alternative to credit card. The cloning of a credit card (reading and then recreating the information on a magnetic strip) is significantly easier than the encrypted chip. Other applications include debit cards, reading balances, and performing online transactions. And a smart card is far more effective than a PIN code.
Finally, let's think of recreating the EZ-Pay toll road drive through system for many of the other transactions that we complete.
Why use them? An underlying reality is that many traditionally controlled interactions - (doorman, in-the-office-only access, in-store sales) are no longer controllable. You do not see or touch the person in question. In addition, the sheer amount of knowledge or information that you may need to load into a smart card exists as a result of innovation of other IT technologies.
Why you should get used to them. Though building the reader infrastructure and changing user perception and perspective, credit card companies are beginning to embrace smart cards. Computer manufacturers are beginning to include them in their design of new product, notably in view of Microsoft's support for readers in NT 2000. Additionally, there are national and local privacy initiatives that encourage the identity anonymity with authentication that smart cards can provide.
Adoption of this technology is already a certainty. To learn more about this technology and the myriad of intersecting technologies, visit www.Smart-card.com.
Now if only the smart card technology could encourage us to cut our credit card bills!
2001 Smartpros Ltd. All Rights Reserved.